A Facebook bug let app developers see photographs users had uploaded, but never posted, the social network said.
For two weeks in September, an error in the way Facebook shares photographs with third parties meant that apps could see not only photos users had posted on their Newsfeed, but also pictures in other parts of the site — on Facebook Stories or Facebook’s Marketplace, for instance.
The bug also “impacted photos that people uploaded to Facebook, but chose not to post,” Facebook developer Tomer Bar said in a statement on Friday.
Importantly, the only applications that had access to the hidden photographs were those to which users had already granted access to all their public photos, through the company’s application programming interface, Bar said.
“Currently, we believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers,” Bar said.
Users affected are those who had given permission to third-party apps to access their photos through the Facebook log-in function. There is no evidence that the bug led to any large-scale extraction of photos from the site.
“We’re sorry this happened,” Bar added. “Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”
The error is comparatively minor given Facebook’s scale.
In September, almost five times as many accounts were affected by a data breach in which hackers accessed personal information, including name, relationship status, search activity and recent location check-ins.
“The vulnerability was the result of a complex interaction of three distinct software bugs and it impacted ‘view as,’ a feature that lets people see what their own profile looks like to someone else,” Facebook vice president of product management Guy Rosen said at the time.
“It allowed attackers to steal Facebook access tokens, which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app,” he added.
China on Monday announced its first ever sanctions against an individual Japanese lawmaker, targeting China-born Hei Seki for “spreading fallacies” on issues such as Taiwan, Hong Kong and disputed islands, prompting a protest from Tokyo. Beijing has an ongoing spat with Tokyo over islands in the East China Sea claimed by both countries, and considers foreign criticism on sensitive political topics to be acts of interference. Seki, a naturalised Japanese citizen, “spread false information, colluded with Japanese anti-China forces, and wantonly attacked and smeared China”, foreign ministry spokesman Lin Jian told reporters on Monday. “For his own selfish interests, (Seki)
VENEZUELAN ACTION: Marco Rubio said that previous US interdiction efforts have not stemmed the flow of illicit drugs into the US and that ‘blowing them up’ would US President Donald Trump on Wednesday justified a lethal military strike that his administration said was carried out a day earlier against a Venezuelan gang as a necessary effort by the US to send a message to Latin American cartels. Asked why the military did not instead interdict the vessel and capture those on board, Trump said that the operation would cause drug smugglers to think twice about trying to move drugs into the US. “There was massive amounts of drugs coming into our country to kill a lot of people and everybody fully understands that,” Trump said while hosting Polish President
Japan yesterday heralded the coming-of-age of Japanese Prince Hisahito with an elaborate ceremony at the Imperial Palace, where a succession crisis is brewing. The nephew of Japanese Emperor Naruhito, Hisahito received a black silk-and-lacquer crown at the ceremony, which marks the beginning of his royal adult life. “Thank you very much for bestowing the crown today at the coming-of-age ceremony,” Hisahito said. “I will fulfill my duties, being aware of my responsibilities as an adult member of the imperial family.” Although the emperor has a daughter — Princess Aiko — the 23-year-old has been sidelined by the royal family’s male-only
A French couple kept Louise, a playful black panther, in an apartment in northern France, triggering panic when she was spotted roaming nearby rooftops. The pair were were handed suspended jail sentences on Thursday for illegally keeping a wild animal, despite protesting that they saw Louise as their baby. The ruling follows a September 2019 incident when the months-old feline was seen roaming a rooftop in Armentieres after slipping out of the couple’s window. Authorities captured the panther by sedating her with anesthetic darts after she entered a home. No injuries were reported during the animal’s time on the loose. The court in the
RSS